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Claims 2, 3 and 16 have been cancelled. Claims 1, 4-15 
and 17-20 stand as previously presented. 

Claims 1-20 were considered in the Office Action. 

5 Claims 2, 3 and 16 stand rejected under 35 U.S-C. 112, 1^^ 

paragraph, as failing to comply with the enablement 
requirement. Claims 1-3, 5 and 10-20 stand rejected under 35 
U-S.C* 102(b) as being anticipated by McNeil et al., U.S- 
Patent 6,167,052 (hereinafter McNeil) - Applicants 

10 respectfully note that if these claims are to be rejected 

under 35 U.S.C. 102, this should be 35 U,S.C. 102(e) rather 
than 102(b)- Claims 4-9 stand rejected under 35 U,S,C- 103(a) 
as being unpatentable over McNeil in view of Specht, U.S. 
Patent 6.414,958 Bl. 

;L5 Support for the amendment to the specification is found 

at least in originally filed claims 2, 3 and 16. No new 
matter has been added. 

Applicants believe that the subject matter of claims 2, 3 
and 16 is fully enabling in the specification for one skilled 

20 in the art. Applicants believe that originally filed claims 
2, 3 and 16 were sufficiently described at least in 
Applicants' specification at page 2, line 29 - page 3, line 5, 
page 4, lines 9-14, page 10, lines 6-11, and page 12, line 9 - 
page 13, line 25. However, because these are only dependent 

25 claims. Applicants have cancelled claims 2, 3 and 16 in order 
to advance prosecution. 



yhe Invention of claim 1 
The cited references do not disclose or suggest: 

"A method of providing a plurality of secure computer 
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environments in a shared computer system, comprising: 

providing said shared computor system, said shared 
computer system comprising: 

a plurality of computers; 
5 at least one virtual local area network switch 

connected to said plurality of computers; 

a plurality of client connection ports 
connected to said virtual local area network switch; 

a configuration engine electrically connected 
to said at least one virtual local area network 
switch, said configuration engine comprising 
computer readable program code for configuring said 
at least one virtual local area network switch; and 
said configuration engine configuring said at least 
3^5 one virtual local area network switch to connect each of 

said plurality of client connection ports to at least one 
of said plurality of computers while isolating said 
plurality of client connection ports from one another so 
that each of said client connection ports may be 
20 connected to at least one of said plurality of secure 

coxi^>ut©r environments on said plurality of computers * " 
(Claim 1^ emphasis added) 

The above highlighted features which differentiate 
embodiments of the present invention from the cited references 

25 are features that are not anticipated by the cited references 
and would not have been obvious to a person with ordinary 
skill in the art having the cited references. McNeill does 
not disclose a shared computer system, such as the computer 
system in an application service provider, in which the 

30 multiple clients sharing resources in the computer system are 
completely isolated from each other. 

8 
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McNeill also does not disclose a plurality of client 
connection ports connected to at least one VLAN switch. 
McNeill discloses a static network configuration having 
multiple domains using VLANS in a conventional configuration. 
5 McNeill doss not disclose that external clients may be 

connected to the network through client connection ports to 
share network resources while being isolated from each 
another. 

McNeill also does not disclose a configuration engine 
10 connected to a VLAN switch. McNeill does not disclose that 

switch 128.1 is a VLAN switch, and therefore does not disclose 
performing the same function and providing the same 
configurable security as the VLAN switch configured by the 
configuration engine as in Applicants' claim 1- To anticipate 
15 a claim for a patent, a single prior source must contain all 
its essential elements. Hvbritec h, Inc, v> Monoclonal 
Antibodies. Inc. , 231 USPQ 81, 90 (Fed. Cir. 1986) . 

The Applicants believe the claim 1 is allowable over the 
cited references and respectfully request reconsideration. 
20 Claim 2 is believed allowable as depending from an 

allowable base claim and is further believed allowable in that 
the cited references to not disclose or suggest: 

"The method of claim ?, further cottprisxng said 
configuration engine reading computer requirements from at 
25 least one client connected to at least one of said plurality 
of client connection ports . " 

(Claim 2, emphasis added) 

The cited references do not disclose a configuration 
engine reading computer requirements from a client- The 
30 Examiner has indicated that client connections to network 

resources are restricted and provided based on some criteria. 

9 



PAGE 12/18 * RCVD AT 6/15/2004 2:16:21 PM [Eastern Daylight Time] ' SVR:USPT0^FXRF-112 " DNIS:8ra9306 * CSID:303 297 2266 * DURATION (mni-ss):04-54 



JUN-15-2004 12=21 



303 297 2266 



303 297 2266 



Appl. No. 09/584,252 

However, as noted above, McNeill discloses a typical static 
network configuration. Access is controlled by static access 
control lists defining connectivity restrictions by IP 
.addresses, (See McNeill col. 1, Ixnes 1-5) This does not 
5 disclose or suggest the shared computer system in which client 
connections are dynamically configured based on clients 
computer requirements by a configuration engine. Applicants 
therefore believe that claim 2 is allowable over the cited 
references and respectfully request reconsideration. 
10 Claim 3 is believed allowable as depending from an 

allowable base claim and is further believed allowable in that 
the cited references to not disclose or suggest: 

"The method of claim ?, further comprising said 
donfiguratlon engine calculating an optimum allocation of said 
15 plurality of conrputers to meet said con^uter re<iuirements of 
Si^aid at least one client." 

(Claim 3, emphasis added) 

The cited references do not disclose a configuration 
engine calculating an optimum allocation of computers in a 

20 shared computer environment to meet client requirements. As 
noted by the Examiner, this may comprise using load balancing 
or brokering systems, and is based on client requirements - 
However, Applicants disagree that McNeill discloses any 
calculation of optimum allocation of computers for clients - 

25 McNeill does disclose network connectivity restrictions using 
access control lists. However, there is no disclosure or 
suggestion that computers are allocated optimally for clients 
based on client requirements. 

Dependent claims 4-10 depend ultimately upon independent 

30 claim 1 which is allowable over the cited art as discussed 

above- These dependent claims are likewise in condition for 

10 
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allowance at least because they depends on an allowable 
independent claim. However, dependent claims 4-10 are 
independently allowable at least in that they recite 
particular features which, when combined with the elements of 
5 the independent claim, are not disclosed or suggested in the 
cited references. 

Claim 11 is believed allowable as depending from an 
allowable base claim and is further believed allowable in that 
the cited references to not disclose or suggest: 

10 "The method of claim ?, said shared computer system 

further comprising computer readable program code for 
authenticating client identification, said method further 
comprising authenticating client identification before said 
configuration engine conf igures said at least one virtual 

1 5 private network router , " 

(Claim 11, emphasis added) 

The cited references do not authenticate client 
identification before configuring a VPN router. Rather, the 
conventional network configurations disclosed by the cited 

20 references are statically configured, and network access is 
controlled during use by access control lists established in 
advance- In contrast, in Applicants' invention of claim 11, 
the configuration engine dynamically configures the network 
based on client requirements after authenticating client 

25 identification. In other words, the cited references 

statically configure a network, then control network access 
based on access control lists. In the invention of claim 11, 
clients are authenticated, then the network is dynamically 
configured by the configuration engine based on client 

30 requirements - 

11 
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T ^he Invent-ion of claim 13, 
The cited references do not disclose or suggest: 

"A secure computer system, comprising: 
a plurality of computers; 

5 a plurality of client: connGction porte; 

at least one virtual local area network switch 
electrically connected to said plurality of computers and 
to said plurality of client connection ports, wherein 
said at least one virtual local area network switch is 

LQ confxguxaJbld to diangeably connect each of said plurality 

of client connection ports to at least one of said 
plurality of computers while isolating said plurality of 
client connection ports from one another; and 

a configuration engine electrically connected to 

15 said at least one virtual local area network switch, said 

configuration engine comprising computer readable program 
code for configuring said at least one virtual local area 
network switch to changeably connect each of said 
plurality of client connection ports to at least one of 

20 said plurality of computers while isolating said 

plurality of client connection ports from one another. " 
(Claim 13, emphasis added) 

Applicants repeat the arguments for allowability set 
forth above with respect to claim 1, but specifically directed 

25 to the secure computer system of claim 13. Again, the cited 
references do not disclose a secure computer system having a 
plurality of client connection ports and a configuration 
engine that connects clients to computers in the secure 
computer system while isolating the clients from each other . 

30 Dependent claims 14-15 depend ultimately upon independent 

12 
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claim 13 which is allowable over the cited art as discussed 
above. These dependent claims are likewise in condition for 
allowance at least because they depends on an allowable 
independent claim. However, dependent claims 14-15 are 
5 independently allowable at least in that they recite 

particular features which, when combined with the elements of 
the independent claim, are not disclosed or suggested in the 

cited references - 

Claim 16 is believed allowable as depending from an 
10 allowable base claim and is further believed allowable in that 
the cited references to not disclose or suggest: 

"The secure computer system of claim ?, wherein said 
epmputor readable program code in said configuration engine 
furtlier conrprises eoda for reading client cozoputer 
15 requirements from at least on© client connected to said client 
connection ports . " 

(Claim 16, emphasis added) 

Applicants repeat the arguments for allowability set 
forth above with respect to claim 2, but specifically directed 

20 to the secure computer system of claim 16. Again, the cited 
references do not disclose a configuration engine that reads 
client computer requirements. 

Dependent claims 17-19 depend ultimately upon independent 
claim 13 which is allowable over the cited art as discussed 

25 above. These dependent claims are likewise in condition for 
allowance at least because they depends on an allowable 
independent claim* However, dependent claims 17-19 are 
independently allowable at least in that they recite 
particular features which, when combined with the elements of 

30 the independent claim, are not disclosed or suggested in the 
cited references. 
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The Inve ntion of claim 20 
The cited references do not disclose or suggest: 

"A secure computer system, comprising: 
a plurality of computers; 
5 a plurality of client data inputs; and 

means for securely connooting a portion of said 
plurality of client data inputs to a portion of said 
plurality of computers while isolating said portion 
of said plurality of computers from a second portion 
3^0 of said plurality of computers." 

(Claim 20, emphasis added) 

Applicants repeat the arguments for allowability set 
forth above with respect to claim 1, but specifically directed 
to the secure computer system of claim 20, Again, the cited 

15 references do not disclose a plurality of client data inputs - 
The cited references also do not disclose securely connecting 
client data inputs to computers in the secure computer system 
while isolating the client data inputs • The networks 
disclosed in the cited references are directed at controlling 

20 access using access control lists, and no discussion is 
directed at isolating clients accessing resources in the 
network from each other. 
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K 

The Applicants believe that the currently pending claims j 



are allowable over the cited references and respectfully 
request the timely issuance of a Notice of Allowance. 

Dated: Cl\< lo^ Respectfully submitted, 

5 P^' " ^ KLAAS, LAW, O'MEARA & MALKIN, P.C, 



By: 



Guy K. Clinger,^Esq. 
Registration N4^. 42,422 
1999 Broadway, Suite 2225 
10 Denver, CO 80202 

(303) 298-9888 
Fax: (303) 297-2266 
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